Just.Oblivious

Here is a quick snap of my tinkering/engineering/coding/hacking workstation: Specs: HP EliteBook 2560P (i5-2410M, 8GB DDR3, 120 GB SATA SSD, DVD RW drive) running Pop!OS Linux. Monitor: Dell U2515H (25" 1440p60 IPS). Other items: Wooting One keyboard, Logitech G305 mouse, Edifier speakers, IKEA LED bias lighting, Flipper Zero, Anet A8 "AliExpress special" 3D printer, a dissected IKEA Smart Home sensor product with some wires poking out, a logic analyzer, and some random electronics/ESP8266/microcontroller stuff. Performance is still very respectable for a 10+ year old midrange business laptop. Miraculously it still holds a 3 hour charge.

@LinusTech Some remarks from a casual observer: Having premature “labs” testing data included in a product review only jeopardises the future credibility of the lab; don’t include it until the testing methodology for <insert category> has been finalised and tested for repeatability. Laboratories typically don’t share premature results with a wide audience, and what they share with the scientific community always includes clear remarks regarding the data being inconclusive with a detailed explanation of how they got to their results. I know you’re eager to show us what your shiny new equipment can do, but please only do it to entertain us. Don’t rely on the data yet to draw conclusions about products, don’t even share the data with us until you can vouch for its accuracy.

I would love to see a video explaining your actual IT infrastructure, not just the boxes and cables Like do you have AD-joined machines to provision software and set policies, or is it all just standalone boxes with local accounts? How do you ensure endpoints have the proper security controls in place? Does LMG or Labs make use of infrastructure-as-code to deploy things (e.g. Ansible)? Is there something like GitLab running to manage source code and automate deployments? How is the network laid out between the different entities and locations, like routes and stuff? How do the firewalls perform at 10G+ speeds with policies in place? And as someone who works in IT security: have you considered setting up centralized log management, EDR, SIEM, NIDS, etc. now that the company is growing towards more of an enterprise scale? This stuff might be a bit too technical for the general LTT audience, but I'm still curious to know.

/me: Dream, who's that?! Am I getting too old for this internet thing? Well, apperrantly there is about an order of magnitude more interest in Minecraft content on YouTube than I originally thought...

I love to see more Home Assistant content! I don’t know what your plans are regarding the Home Assistant platform, but given the number of devices that you plan to connect I would strongly advice you to skip the Raspberry Pi (kind of the go-to deployment platform for HA) and go straight for a dedicated X86 host; else the performance will be terrible and your SD card will die in a matter of weeks from all the database writes… By the way, Google Assistant works fine without the Home Assistant cloud subscription (no auth issues here), though admittedly the manual setup process is quite cumbersome compared to the Cloud setup.

So, time to go deeper: when is the ASML tour coming?

Do those Crucial drives have wireless SATA? Because I certainly didn't see any data cables... Still a cool concept case, just way overpriced for what it is (the Flex PSU isn't even included at that price)...

Both interfaces have enough bandwidth for gigabit Ethernet. It's going to come down to the individual chipset for things like latency, featureset and driver support. If you need a 10 Gbps dongle, then TB3 is going to be the only (rather expensive) option. For general use I'd just get the cheapest possible one...

Recovering from a bad flash is going to require some tinkering: https://www.stevejenkins.com/blog/2014/01/how-to-unbrick-a-netgear-wndr3400-n600-router-after-a-bad-dd-wrt-flash/ On the bright side, you don't have to do any soldering to recover this one.

There is always the chance that tinkering with firmware 'bricks' a device, though in reality I've only seen it happen once (out of the ~100 firmware flashes that I've done on consumer routers). And even if it does happen, the router can usually be recovered through a serial console (which may required opening the device and soldering some wires onto the board). If the router powers on and the web UI is accessible, you can usually revert back to the original firmware by flashing the firmware file provided by the manufacturer. But keep in mind that when a product requires warranty repairs it's often broken beyond this point, making it very hard (or even impossible) to revert the firmware before shipping it in. Whether or not tinkering with firmware voids the warranty of a product depends on local laws and regulations.

Another option is to ditch the idea of a x86 pc-based router. If you separate the VPN load from the routing/firewall tasks you can get by with a good low-power ethernet+SFP router (like the Ubiquiti EdgeRouter 4). Just run the VPN client on the desktop (or in the future on a VM) and you're good. BTW you absolutely don't need server-grade hardware for running a home-router, just keep the ISP router as a cold spare in case something fails... The only case where I would consider server hardware (and ECC memory) at home is for a storage server. If your stuff is mission critical you should always setup two boxes with automatic failover, don't forget a UPS-system with a generator out back and a second internet line, you know, just in case your cat blog goes offline

What type of cable is it that you get from them? There are a few dozen flavors of optical fiber cable, the SFP module you select has to be compatible with the technology used by your ISP. Not if you do it properly... Virtualizing routers, firewalls and security appliances is common practice in big enterprises. Breaking out of a virtual machine is a few hundred times more difficult than pwning a cheap-ass home router, believe me. Of course you should use a proper hypervisor and segment the interfaces, but that's a given with virtualization. Another solution is to get a hardware firewall with your virtual routing appliance behind it. As far as VPN performance goes, 100 Mbps should be doable with something like a Celeron-based Intel NUC.

It all depends on how your ISP delivers its service. Does the fiber line go directly from the wall into the router, or does it go through a media converter with ethernet output first? VPN, as in connecting to a public VPN provider? 99% of the public VPN providers use OpenVPN, which uses a hell of a lot of CPU resources. Pushing 200+ Mbps over OpenVPN is a challenge (think Core i3/i5 server with AES-NI support and no other services running). If you want VPN just for making remote connections to your home network you can use a less resource-intensive protocol like L2TP/IPSEC. If you already have a server running (or if you plan to get a home server) you should consider building a virtual router, that way you can share resources and save power.

High level overview of my home infrastructure: It's pretty basic in terms of actual networking. Just a few VLANs, some routes, two IPv6 networks, two VPN tunnels and a load of firewall rules. The unRAID box runs a virtual router that tunnels traffic over a NordVPN link (primarily used for downloading), it's way faster than trying to run OpenVPN on an (already busy) EdgeRouter. I also have a cloud-hosted VPS for out-of-band management from other networks (that are often IPv4 only), it runs a dedicated IPSEC tunnel over IPv6 to my internal management-host. Unfortunately my ISP doesn't provide the credentials for their VOIP platform, so I have to use their stupid all-in-one router/VOIP ATA with another ATA right after it to get a usable VOIP line. Migrating the landline to a cloud VOIP provider is on the roadmap for Q4 2018.

I use my (stock) Anet A8 primarily for printing small spare parts. Recently I printed seat bushings, panel clips, bulb holders and other small things for a BMW Z3 that I'm restoring. My main filament is PETG, it's durable yet flexible enough for making spring-fit assemblies (like panel clips or a snap-fit lid for an enclosure). Almost all things that I print are a custom design (simply because most parts that I need have never been designed/published before). Tape is my preferred bed material. I'm not too concerned about surface finish or print quality, if the part comes out correctly and fits right I'm happy.